Re: [Microsoft to ship new versions with firewall enabled]

From: Daniel Senie

Date: Thu Aug 14 11:26:17 2003

At 10:46 AM 8/14/2003, Joshua Sahala wrote:

Sean Donelan <sean@donelan.com> wrote:
>
> John Markoff reports in the New York Times that Microsoft plans to change
> how it ships Windows XP due to the worm. In the future Microsoft will
> ship both business and consumer verisons of Windows XP with the included
> firewall enabled by default.
>
while i think many of us will welcome this, i am skeptical of what
the firewall will be 'enabled' to block, and how easy it will be
for the user to set-up rules (and hopefully there will be a sanity
check included so that 'permit in any' is not a valid option, but
then 'permit out any' should not be one either)
but still, it is a step...

The firewall in XP appears to perform stateful inspection. I have run scans
against my own XP machines using NMAP and other tools. The machine appears
completely non-responsive to such scans (i.e. no response on any ports).

I use this feature most especially when using public wifi hot spots, and
encourage my clients to do the same (or use some other firewall software)
when at such locales.

What Microsoft implemented does seem quite sufficient for many users. The
down-side to this and all other firewalls running in software on end hosts
is the possibility of an application finding another path in (e.g. email
attached virus) and disabling the firewall.

I am no Microsoft apologist and am a proponent of open source, but have to
admit they did a good job on this feature. It's good that Microsoft has
finally realized the value in defaulting this capability to ON.